I believe you need to use ACI and not ACL. ACI are a newer feature and
are not well documented yet, but, ACI allows you to use the LDAP database
to specify the equivalent functionality of ACL (which are hard-coded
into slapd.conf).

We have a requirement to set the ACLs programmatically through JAVA
(JNDI) and it seems as if the ACL is not an attribute on the user or
group entries. This leads me to believe that ACLs for a user and group
cannot be set using JNDI.

Can the ACL be specified on the individual user or group entry? Can I use
LDIF to add or update ACLs?